Replies: 2 comments 1 reply
-
|
I think between services, there should be encryption, one way or another. It can easily be the case that different services are on different machines. In this case it can be important not only for privacy, but for stopping someone from injecting spoofed messages between the two services. |
Beta Was this translation helpful? Give feedback.
-
|
I have been able to show that using packet sniffing tools like tcpdump and Wireshark, the traffic between services does leak potentially private information such as data set names and contents. There is likely more, but I did not look for any more. In my case I had root access to the deployment to view the tcp communications, however as parshimers mentioned, you would not need root privileges to read these packets if services are spread out on multiple machines. In this setup you would only need a separate device on the same network as one of the services. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
There are many internal RESTful requests between micro services in the Texera system. We want to know whether we need to encrypt these requests to make them more secure.
@parshimers @madhusudancs and others: any thoughts?
Beta Was this translation helpful? Give feedback.
All reactions